Keeping the Zeus Botnet Out of Your Enterprise

By ServerWatch Staff (Send Email)
Posted Feb 22, 2010

Zeus targets banking credentials but can steal anything from Facebook and Web-based e-mail credentials to SSL certificate files. This eWeek article provides organizations with steps to take as they investigate and remediate machines in the event of a compromise.

Zeus is old, but its more than 70,000 unique variants are still good at stealing credentials.

"Residual and supporting utility data should be identified and preserved early in the process including backup tapes, email communications between the parties of interest and log files of various systems which may have recorded activity such as web server logs, router logs and IDS logs, surveillance camera recordings and access point logs," Laykin continued. "Often these logs are quickly overwritten due to their size thus they should be focused on early."
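The preservation step Laykin describes above is time-critical because rotating logs overwrite themselves. The following is an added example, not code from the eWeek article or from anyone quoted in it, that shows one way a responder can capture candidate log files early: it copies each file into an evidence directory, records size, modification time and a SHA-256 hash in a manifest, notes sources that have already disappeared, and can later re-verify that the preserved copies are unchanged. All file paths and log lines are constructed for the demonstration.

```python
"""Preserve volatile log evidence early: copy candidate log files into an
evidence directory and record SHA-256 hashes in a manifest so the copies can
later be shown to be unmodified. Added example; all paths are constructed."""
import hashlib
import json
import os
import shutil
import tempfile
import time


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large log files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def preserve_logs(sources, evidence_dir):
    """Copy each readable source file into evidence_dir, hash original and copy,
    and return the manifest (also written to evidence_dir/manifest.json)."""
    os.makedirs(evidence_dir, exist_ok=True)
    manifest = {"collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                "items": []}
    for src in sources:
        entry = {"source": src}
        if not os.path.isfile(src):
            entry["status"] = "missing"  # e.g. already rotated or overwritten
            manifest["items"].append(entry)
            continue
        st = os.stat(src)
        entry["size"] = st.st_size
        entry["mtime"] = st.st_mtime  # original timestamp, before rotation changes it
        # Suffix the copy with a short hash of the source path so two files with
        # the same basename (e.g. several access.log files) do not collide.
        suffix = hashlib.sha256(src.encode()).hexdigest()[:8]
        dest = os.path.join(evidence_dir, os.path.basename(src) + "." + suffix)
        shutil.copy2(src, dest)  # copy2 keeps the file's metadata as well
        src_hash = sha256_file(src)
        copy_hash = sha256_file(dest)
        entry.update({"copy": dest, "sha256": src_hash,
                      "status": "ok" if src_hash == copy_hash else "hash_mismatch"})
        manifest["items"].append(entry)
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_manifest(evidence_dir):
    """Re-hash every preserved copy and return the ones that no longer match."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        manifest = json.load(f)
    tampered = []
    for item in manifest["items"]:
        if item.get("status") != "ok":
            continue
        if sha256_file(item["copy"]) != item["sha256"]:
            tampered.append(item["copy"])
    return tampered


def demo():
    """Constructed sample: a web server log, an IDS log and a router log that
    has already been rotated away. Returns (manifest, evidence_dir)."""
    work = tempfile.mkdtemp()
    web = os.path.join(work, "access.log")
    ids = os.path.join(work, "ids.log")
    with open(web, "w") as f:
        f.write('10.0.0.5 - - [22/Feb/2010:10:01:02 +0000] "GET /login HTTP/1.1" 200 512\n')
    with open(ids, "w") as f:
        f.write("2010-02-22T10:01:03Z alert tcp 10.0.0.5 -> 203.0.113.9:443 suspicious TLS\n")
    missing = os.path.join(work, "router.log")  # constructed: never created
    evidence = os.path.join(work, "evidence")
    manifest = preserve_logs([web, ids, missing], evidence)
    return manifest, evidence


if __name__ == "__main__":
    m, ev = demo()
    print(json.dumps(m, indent=2))
    print("tampered copies:", verify_manifest(ev))
```

The manifest records sources that were already gone, which is itself useful evidence of how quickly a given log rotates; in a real collection the sources would be the web server, router, IDS and access point log paths Laykin lists, and the evidence directory would sit on write-once or separately controlled storage.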

"The best advice for a system known to be infected with a Trojan is to replace it with another machine/disk or reimage it because it is impossible to know what modifications to a system a cyber-criminal may have made through the Trojan or what else may have been installed," Dirro said.

Read the Full Story at eWeek

